Javascript errors from Google Adsense

On several of my adsense running sites, I have been getting the following errors:

> Unable to post message to [http://]googleads.g.doubleclick.net. > Recipient has origin > http://www.anekdotz.com. > > Unsafe JavaScript attempt to access > frame with URL > [http://]www.anekdotz.com/ from frame > with URL > [http://]googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9099580055602120&output=html&h=250&slotname=9210181593&w=300&flash=10.0.42&url=http%3A%2F%2Fwww.anekdotz.com%2F&dt=1269901036429&correlator=1269901036438&frm=0&ga_vid=711000587.1269901037&ga_sid=1269901037&ga_hid=654061172&ga_fc=0&u_tz=-240&u_his=2&u_java=1&u_h=900&u_w=1440&u_ah=878&u_aw=1436&u_cd=24&u_nplug=10&u_nmime=101&biw=1365&bih=806&eid=44901212&fu=0&ifi=1&dtd=153&xpc=Xkfk1oufPQ&p=http%3A//www.anekdotz.com. > Domains, protocols and ports must match.

(from the Chrome javascript console)

The ads seem to show properly and it doesn't affect my native javascript code. However sometimes these errors seem to slow down page loading. How can I fix this problem?

(I modified the URLs to let me post this as I'm a new user)

Google have messed up their script. There's not much you can do about it.

For some reason http://pagead2.googlesyndication.net/pagead/expansion_embed.js, included in the parent page by the AdSense scripts, is trying to send information about the advert into a newly-written <iframe> created to hold the advert, using the new HTML5 postMessage facility:

            ha(this, function (f, e) {
                d[Pa](this.a[A]+"|"+f+":"+e, this.la)
            });

Yeah. Some nice minified/obfuscated code there. Trust me, Pa is 'postMessage'!

The targetOrigin argument in this call, this.la is set to http://googleads.g.doubleclick.net. However, the new iframe was written with its src set to about:blank. This doesn't match the target origin, so the browser must refuse to send the message. Only Chrome seems to be dropping an actual whinge to the console log about it though.

No idea why it's doing this at all, never mind why it's not just using '*' as a target origin... I'm not really feeling like wading into the obfuscated script to find out. However, this error should not cause page loading to slow down. If you're seeing pauses it's usually resolving and fetching other external scripts.

Google's trying to exploit a browser quirk whereby some browsers ignore the same-origin policy for windows with about:blank as the URL, allowing that window to submit XMLHttpRequest or, in this case, postMessage requests to any site.

As far as I know, browsers have recently been disabling this behaviour. You must have one such patched browser.

Hopefully, this broken functionality doesn't affect your ability to earn money from the ads.

It's annoying for your site to generate Javascript errors through no fault of your own, but it is a possibility you must accept when you run someone else's Javascript on your page.

It's normal because your browser prevents CSRF attacks from other websites.

To allow googleads... to access your website and solve this problem, create a file named crossdomain.xml in your webroot and fill it with the following content:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy 
  SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="googleads.g.doubleclick.net" />
</cross-domain-policy>

To test it, go to your domain http://your-domain.com/crossdomain.xml and make sure there are no errors for that page. You also allowed to use wildcards, etc (look at reference). When you're done, refresh your page. Hope that helps.

Live example: http://www.blanjamudah.com/crossdomain.xml

Reference: http://en.wikipedia.org/wiki/Cross-site_request_forgery http://curtismorley.com/2007/09/01/flash-flex-tutorial-how-to-create-a-crossdomainxml-file/

A crossdomain.xml file in the site root allowing access to googleads.g.doubleclick.net should fix it.

See this page, http://www.warriorforum.com/adsense-ppc-seo-discussion-forum/458906-adsense-blank-space-problem.html

http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

For those who land on this page after searching for the domain and protocol error code:

AdSense has released a new async version of their javascript that addressed the cross-domain errors being generated when we used their older embed code. When we used their standard embed code on our AJAX-heavy site, we got the cross-domain error. When we implemented their async code, and in combination with a properly defined crossdomain.xml the cross-domain error went away.

This seems to be a case of the error message masking the real cause. The real cause is probably some kind of Adsense misconfiguration; unfortunately Adsense doesn't seem to do sufficient checks to give a more relevant error message.

I had this error myself and came to this conclusion after researching the forums, where some people reported it was fixed after verifying their bank account or whatever. In my case, my server-side environment was messing with the google_ad_client parameter, so the real problem was that parameter being null. Once I fixed that, ads were showing and no more error message.

So in practice, it's really nothing to do with same-origin policy. Now that the adsense code is correct, I'm even now able to show ads when running on localhost, as well as on the server.

Just got a similar problem. Not sure if it's related, but I'll explain anyway.

I had two ads showing on my page and wanted to "refactor" the code by only calling this script once at the end of the page:

<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>

My ads broke and I figured out that this script tag has to be placed just after each ads var script:

<script type="text/javascript"><!--
google_ad_client = "ca-pub-872346872364872364";
google_ad_slot = "719238712983";
google_ad_width = 728;
google_ad_height = 90;
//-->
</script>

But when I had reverted my changes the first script tag was still also placed at the bottom of my page and thusly trying to load another one of my script-tags as an ad. This failed and I got this error you saw.

So check that you keep the two ads script tags after eachother and no place else, ex:

<script type="text/javascript"><!--
google_ad_client = "ca-pub-872346872364872364";
google_ad_slot = "719238712983";
google_ad_width = 728;
google_ad_height = 90;
//-->
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>

Simply moving <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script> to the top of the page above the ads, instead of below, fixed this for me

In the Sites tab in your Google Adsense dashboard (web or app version). Make sure your site is setup with your-domain.com (or whichever tld) as the domain and www.your-domain.com as a subdomain.